From 97ad7f70203e5bff52af76fb637c34b4a260261b Mon Sep 17 00:00:00 2001
From: hugsy
Date: Sun, 28 Nov 2021 08:45:20 -0800
Subject: [PATCH 01/10] [CI] Change test order
Failing linting matters way less than failing tests
---
 .github/workflows/run-tests.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
index 3161f81dc..1869968a5 100644
--- a/.github/workflows/run-tests.yml
+++ b/.github/workflows/run-tests.yml
@@ -71,12 +71,13 @@ jobs:
 echo "source $(pwd)/gef.py" > ~/.gdbinit
 gdb -q -ex 'gef missing' -ex 'gef help' -ex 'gef config' -ex start -ex continue -ex quit /bin/pwd
- - name: Run linter
- run: |
- make lint
-
 - name: Run Tests
 env:
 GEF_CI_ARCH: ${{ steps.set-arch-properties.outputs.arch }}
 run: |
 make test
+
+ - name: Run linter
+ run: |
+ make lint
+
From 5b914205542da30695b8ce869dfc358e2f38aa2a Mon Sep 17 00:00:00 2001
From: Teddy Heinen
Date: Mon, 29 Nov 2021 18:38:55 -0600
Subject: [PATCH 02/10] add support for hex strings to print-format (#758)
---
 docs/commands.md | 1 +
 docs/commands/print-format.md | 5 +++--
 gef.py | 8 +++++---
 tests/runtests.py | 3 +++
 4 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/docs/commands.md b/docs/commands.md
index 003f4fa20..24d865b0f 100644
--- a/docs/commands.md
+++ b/docs/commands.md
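Review bot: With `make test` now preceding `make lint`, a test failure stops the job before the linter step runs, so lint results are no longer reported on a red build. If the intent is only to surface test failures first while still showing lint output, add `if: always()` to the "Run linter" step; if lint is meant to be skipped on test failure, a one-line comment above the step saying so would make the ordering intentional rather than accidental. The job definition begins outside the hunk.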
@@ -38,6 +38,7 @@ improve it.
 |`pattern` | This command will create or search a De Bruijn cyclic pattern to facilitate determining the offset in memory. The algorithm used is the same as the one used by pwntools, and can therefore be used in conjunction.|
 |`pcustom` | Dump user defined structure. This command attempts to reproduce WinDBG awesome `dt` command for GDB and allows to apply structures (from symbols or custom) directly to an address. Custom structures can be defined in pure Python using ctypes, and should be stored in a specific directory, whose path must be stored in the `pcustom.struct_path` configuration setting. (alias: `dt`)|
 |`pie` | Base command to support PIE breakpoints. PIE breakpoints is that you can set to a PIE binary, and use pie series commands to attach or create a new process, and it will automatically set the real breakpoint when the binary is running.
+|`print-format` | Command to dump memory in a variety of formats, such as programming language array literals. (alias: `pf`)|
 |`process-search` | List and filter process. (alias: `ps`)|
 |`process-status` | Extends the info given by GDB `info proc`, by giving an exhaustive description of the process status.|
 |`registers` | Display full details on one, many or all registers value from current architecture.|
diff --git a/docs/commands/print-format.md b/docs/commands/print-format.md
index 15bd94fb5..e9a78a750 100644
--- a/docs/commands/print-format.md
+++ b/docs/commands/print-format.md
@@ -1,17 +1,18 @@
 ## Command print-format ##
-The command `print-format` (alias `pf`) will dump an arbitrary location as an array of bytes following the syntax of the programming language specified. Currently, the output language supported are
+The command `print-format` (alias `pf`) will dump an arbitrary location as an array of bytes following the format specified. Currently, the output formats supported are
 - Python (`py` - default)
 - C (`c`)
 - Assembly (`asm`)
 - Javascript (`js`)
+ - Hex string (`hex`)
 ```
 gef➤ print-format -h
 [+] print-format [--lang LANG] [--bitlen SIZE] [(--length,-l) LENGTH] [--clip] LOCATION
- --lang LANG specifies the output format for programming language (available: ['py', 'c', 'js', 'asm'], default 'py').
+ --lang LANG specifies the output format for programming language (available: ['py', 'c', 'js', 'asm', 'hex'], default 'py').
 --bitlen SIZE specifies size of bit (possible values: [8, 16, 32, 64], default is 8).
 --length LENGTH specifies length of array (default is 256).
 --clip The output data will be copied to clipboard
diff --git a/gef.py b/gef.py
index 88e27fa3c..0bf4309b8 100644
--- a/gef.py
+++ b/gef.py
@@ -4762,7 +4762,7 @@ def do_invoke(self, argv):
 @register_command
 class PrintFormatCommand(GenericCommand):
- """Print bytes format in high level languages."""
+ """Print bytes format in commonly used formats, such as literals in high level languages."""
 format_matrix = {
 8: (endian_str() + "B", "char", "db"),
@@ -4771,12 +4771,12 @@ class PrintFormatCommand(GenericCommand):
 64: (endian_str() + "Q", "long long", "dq"),
 }
- valid_formats = ["py", "c", "js", "asm"]
+ valid_formats = ["py", "c", "js", "asm", "hex"]
 _cmdline_ = "print-format"
 _aliases_ = ["pf",]
 _syntax_ = """{} [--lang LANG] [--bitlen SIZE] [(--length,-l) LENGTH] [--clip] LOCATION
-\t--lang LANG specifies the output format for programming language (available: {}, default 'py').
+\t--lang LANG specifies the output format (available: {}, default 'py').
 \t--bitlen SIZE specifies size of bit (possible values: {}, default is 8).
 \t--length LENGTH specifies length of array (default is 256).
 \t--clip The output data will be copied to clipboard
@@ -4825,6 +4825,8 @@ def do_invoke(self, argv, *args, **kwargs):
 elif args.lang == "asm":
 asm_type = self.format_matrix[args.bitlen][2]
 out = "buf {0} {1}".format(asm_type, sdata)
+ elif args.lang == "hex":
+ out = binascii.hexlify(read_memory(start_addr, end_addr-start_addr)).decode()
 if args.clip:
 if copy_to_clipboard(gef_pybytes(out)):
diff --git a/tests/runtests.py b/tests/runtests.py
index c2db5f08d..d5d15325c 100755
--- a/tests/runtests.py
+++ b/tests/runtests.py
@@ -536,6 +536,9 @@ def test_cmd_print_format(self):
 res = gdb_start_silent_cmd("print-format --lang js $sp")
 self.assertNoException(res)
 self.assertTrue("var buf = [" in res)
+ res = gdb_start_silent_cmd("print-format --lang hex $sp")
+ self.assertNoException(res)
+ self.assertTrue("f7ff7f" in res)
 res = gdb_start_silent_cmd("print-format --lang iDontExist $sp")
 self.assertNoException(res)
 self.assertTrue("Language must be in:" in res)
From add63da2b6dd05c0378896ed2c9f503ba98fdf52 Mon Sep 17 00:00:00 2001
From: theguy147 <37738506+theguy147@users.noreply.github.com>
Date: Fri, 3 Dec 2021 16:22:11 +0100
Subject: [PATCH 03/10] fix typo in GotBaseFunction docs (#761)
---
 gef.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gef.py b/gef.py
index 0bf4309b8..928bd0ba7 100644
--- a/gef.py
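Review bot: The new `hex` branch calls `read_memory(start_addr, end_addr-start_addr)` directly instead of formatting the data the sibling branches already work from (`sdata`), so it appears to perform a second read of the target and ignores `--bitlen` entirely (no per-element grouping or endianness handling). If a flat byte dump is the intended contract, state it on the branch, e.g. `# hex output is a flat little-endian-agnostic byte dump; --bitlen is ignored`; otherwise derive the hex string from the same unpacked values the other formats use. The branch also depends on `binascii` being imported at module level, which this hunk cannot show. `do_invoke` begins and ends outside the hunk.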
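Review bot: In the tests hunk, `self.assertTrue("f7ff7f" in res)` pins the check to a particular byte pattern of the test binary's stack contents, so the test fails on any layout change rather than on a regression in the hex formatter. A structural assertion is more robust: check that the output contains a run of lowercase hex digits of the expected length for the default `--length` (256 bytes, so 512 characters) or that the captured command output parses with `bytes.fromhex`, and add a short comment such as `# pin the format, not the address contents` so the next maintainer does not tighten it back to a literal. `test_cmd_print_format` continues outside the hunk.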
+++ b/gef.py
@@ -10597,7 +10597,7 @@ def do_invoke(self, args):
 @register_function
 class GotBaseFunction(GenericFunction):
- """Return the current bss base address plus the given offset."""
+ """Return the current GOT base address plus the given offset."""
 _function_ = "_got"
 def do_invoke(self, args):
From 04f847b360513b1a7ed92271325d45c7e19075dd Mon Sep 17 00:00:00 2001
From: hugsy
Date: Mon, 6 Dec 2021 08:16:15 -0800
Subject: [PATCH 04/10] Bound `nb_argument` when printing guessed arguments (fix #753) (#755)
---
 gef.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/gef.py b/gef.py
index 928bd0ba7..b650d9a9b 100644
--- a/gef.py
+++ b/gef.py
@@ -8693,12 +8693,10 @@ def __get_current_block_start_address():
 pass
 if not nb_argument:
- if not parameter_set:
- nb_argument = 0
- elif is_x86_32():
+ if is_x86_32():
 nb_argument = len(parameter_set)
 else:
- nb_argument = max(function_parameters.index(p)+1 for p in parameter_set)
+ nb_argument = max([function_parameters.index(p)+1 for p in parameter_set], default=0)
 args = []
 for i in range(nb_argument):
From 702858c8a05adec63d579518c4ccc298b70b79a7 Mon Sep 17 00:00:00 2001
From: hugsy
Date: Mon, 6 Dec 2021 08:16:37 -0800
Subject: [PATCH 05/10] Remove final `assert` (#756)
* remove `assert` in `GlibcHeapTcachebinsCommand.tcachebin()`
* Rephrased the error message in `tcachebin()`
---
 gef.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/gef.py b/gef.py
index b650d9a9b..908c8d82c 100644
--- a/gef.py
+++ b/gef.py
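Review bot: The rewritten `else` branch wraps the generator in a list solely to pass `default=0`, but `max` accepts `default=` with a generator too, so `nb_argument = max((function_parameters.index(p)+1 for p in parameter_set), default=0)` avoids the throwaway list. Since the explicit `if not parameter_set` branch is gone, the empty-set behaviour now rests on `default=0` on one path and on `len(parameter_set)` being 0 on the other; a comment such as `# an empty parameter_set yields 0 on both branches` would preserve that reasoning for the next reader. The enclosing function starts and ends outside the hunk.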
@@ -7302,7 +7302,10 @@ def check_thread_ids(tids):
 @staticmethod
 def tcachebin(tcache_base, i):
 """Return the head chunk in tcache[i] and the number of chunks in the bin."""
- assert i < GlibcHeapTcachebinsCommand.TCACHE_MAX_BINS, "index should be less then TCACHE_MAX_BINS"
+ if i >= GlibcHeapTcachebinsCommand.TCACHE_MAX_BINS:
+ err("Incorrect index value, index value must be between 0 and {}-1, given {}".format(GlibcHeapTcachebinsCommand.TCACHE_MAX_BINS, i))
+ return None, 0
+
 tcache_chunk = GlibcChunk(tcache_base)
 # Glibc changed the size of the tcache in version 2.30; this fix has
From 3efb77b8c632a1aefeb86c6604c9225c9f933e87 Mon Sep 17 00:00:00 2001
From: hugsy
Date: Mon, 6 Dec 2021 08:17:00 -0800
Subject: [PATCH 06/10] Adds constants to `gef.py` for M68K support (in `gef-extras`) (#757)
---
 gef.py | 34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)
diff --git a/gef.py b/gef.py
index 908c8d82c..7c6f819e9 100644
--- a/gef.py
+++ b/gef.py
@@ -493,6 +493,7 @@ class Elf:
 AARCH64 = 0xb7
 RISCV = 0xf3
 IA64 = 0x32
+ M68K = 0x04
 ET_RELOC = 1
 ET_EXEC = 2
@@ -2740,6 +2741,20 @@ def mprotect_asm(cls, addr, size, perm):
 return "; ".join(insns)
+SUPPORTED_ARCHITECTURES = {
+ "ARM": ARM, Elf.ARM: ARM,
+ "AARCH64": AARCH64, "ARM64": AARCH64, Elf.AARCH64: AARCH64,
+ "X86": X86, Elf.X86_32: X86,
+ "X86_64": X86_64, Elf.X86_64: X86_64, "i386:x86-64": X86_64,
+ "PowerPC": PowerPC, "PPC": PowerPC, Elf.POWERPC: PowerPC,
+ "PowerPC64": PowerPC64, "PPC64": PowerPC64, Elf.POWERPC64: PowerPC64,
+ "RISCV": RISCV, Elf.RISCV: RISCV,
+ "SPARC": SPARC, Elf.SPARC: SPARC,
+ "SPARC64": SPARC64, Elf.SPARC64: SPARC64,
+ "MIPS": MIPS, Elf.MIPS: MIPS,
+}
+
+
 def write_memory(address, buffer, length=0x10):
 """Write `buffer` at address `address`."""
 return gdb.selected_inferior().write_memory(address, buffer, length)
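Review bot: The new guard only rejects `i >= TCACHE_MAX_BINS`, while the error message promises a valid range of 0 to N-1; a negative `i` passes the check and presumably reaches the per-bin computation below with Python's negative-index semantics. Make the test two-sided: `if not 0 <= i < GlibcHeapTcachebinsCommand.TCACHE_MAX_BINS:`. Since the old `assert` could never return, callers now have to handle a `(None, 0)` result; the docstring should say so, e.g. `Return (None, 0) and print an error when i is out of range.`. `tcachebin` continues past the end of the hunk.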
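Review bot: In the `SUPPORTED_ARCHITECTURES` hunk, the dictionary mixes ELF `e_machine` integers with string keys of inconsistent case (`"PowerPC"`, `"PowerPC64"`, `"i386:x86-64"` next to `"ARM64"`, `"PPC"`), and the lookup sites in `set_arch` upper-case user-supplied names before indexing, so the mixed-case entries can only be hit through the `get_arch()`/`e_machine` path. Now that the table is a module-level global (the subject suggests it is meant to be extended by `gef-extras`), document that contract above it, e.g. `# Keys: ELF e_machine values and gdb architecture names; user-supplied names are upper-cased by set_arch() before lookup, so string keys for user input must be uppercase.` This is pre-existing behaviour the move preserves, so it is a documentation request rather than a regression.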
@@ -3759,23 +3774,11 @@ def set_arch(arch=None, default=None):
 set that arch. Return the selected arch, or raise an OSError.
 """
- arches = {
- "ARM": ARM, Elf.ARM: ARM,
- "AARCH64": AARCH64, "ARM64": AARCH64, Elf.AARCH64: AARCH64,
- "X86": X86, Elf.X86_32: X86,
- "X86_64": X86_64, Elf.X86_64: X86_64, "i386:x86-64": X86_64,
- "PowerPC": PowerPC, "PPC": PowerPC, Elf.POWERPC: PowerPC,
- "PowerPC64": PowerPC64, "PPC64": PowerPC64, Elf.POWERPC64: PowerPC64,
- "RISCV": RISCV, Elf.RISCV: RISCV,
- "SPARC": SPARC, Elf.SPARC: SPARC,
- "SPARC64": SPARC64, Elf.SPARC64: SPARC64,
- "MIPS": MIPS, Elf.MIPS: MIPS,
- }
 global current_arch, current_elf
 if arch:
 try:
- current_arch = arches[arch.upper()]()
+ current_arch = SUPPORTED_ARCHITECTURES[arch.upper()]()
 return current_arch
 except KeyError:
 raise OSError("Specified arch {:s} is not supported".format(arch.upper()))
@@ -3786,11 +3789,11 @@ def set_arch(arch=None, default=None):
 arch_name = current_elf.e_machine if current_elf else get_arch()
 try:
- current_arch = arches[arch_name]()
+ current_arch = SUPPORTED_ARCHITECTURES[arch_name]()
 except KeyError:
 if default:
 try:
- current_arch = arches[default.upper()]()
+ current_arch = SUPPORTED_ARCHITECTURES[default.upper()]()
 except KeyError:
 raise OSError("CPU not supported, neither is default {:s}".format(default.upper()))
 else:
@@ -8022,6 +8025,7 @@ def do_invoke(self, argv, *args, **kwargs):
 Elf.AARCH64 : "AArch64",
 Elf.RISCV : "RISC-V",
 Elf.IA64 : "IA-64",
+ Elf.M68K : "M68K",
 }
 filename = args.filename or get_filepath()
From d512ac91fbdd8fadb1915ee06b6c087836f22837 Mon Sep 17 00:00:00 2001
From: hugsy
Date: Sat, 11 Dec 2021 12:12:07 -0800
Subject: [PATCH 07/10] Added @therealdreg to the sponsors list
---
 docs/index.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/docs/index.md b/docs/index.md
index d7d290e01..bed2ee674 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -178,13 +178,19 @@ _Side Note_: `GEF` fully relies on the GDB API and other Linux-specific sources
 Or if you just like the tool, feel free to drop a simple *"thanks"* on Discord, Twitter or other, it is **always** very appreciated.
-### Sponsors ###
+## Sponsors ##
 We would like to thank in particular the following people who've been sponsoring GEF allowing us to dedicate more time and resources to the project:
 - [@nkaretnikov](https://github.com/nkaretnikov)
 - [@R3zk0n](https://github.com/r3zk0n)
 - [@merces](https://github.com/merces)
+ - [@nbars](https://github.com/nbars)
+ - [@maycon](https://github.com/maycon)
+ - [@jespinhara](https://github.com/jespinhara)
+ - [@therealdreg](https://github.com/therealdreg)
+
+Want to be part of this list of amazing people? [Jump here!](https://github.com/sponsors/hugsy)
 ### Extra Credits ###
From 1c9da335296b8db076c6815cf8c8981c4abcc6d9 Mon Sep 17 00:00:00 2001
From: hugsy
Date: Sat, 11 Dec 2021 12:16:23 -0800
Subject: [PATCH 08/10] Update README.md
Added info for sponsoring the project
---
 README.md | 14 +------------
 1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/README.md b/README.md
index 53c177080..34c231925 100644
--- a/README.md
+++ b/README.md
@@ -85,19 +85,7 @@ Unlike other GDB plugins, GEF has an extensive and up-to-date [documentation](ht
 To get involved, refer to the [Contribution documentation](https://gef.readthedocs.io/en/master/#contribution) and the [guidelines](https://github.com/hugsy/gef/blob/dev/.github/CONTRIBUTING.md) to start.
-
-## Sponsors ##
-
-We would like to thank in particular the following people who've been sponsoring GEF allowing us to dedicate more time and resources to the project:
-
- - [@nkaretnikov](https://github.com/nkaretnikov)
- - [@R3zk0n](https://github.com/r3zk0n)
- - [@merces](https://github.com/merces)
- - [@nbars](https://github.com/nbars)
- - [@maycon](https://github.com/maycon)
- - [@jespinhara](https://github.com/jespinhara)
-
-Want to be part of this list of amazing people? [Jump here!](https://github.com/sponsors/hugsy)
+Another way to contribute to keeping the project alive is by sponsoring it! Check out [the sponsoring documentation](https://gef.readthedocs.io/en/master/#sponsors) for details so you can be part of the list of those [awesome sponsors](https://github.com/sponsors/hugsy).
 ### Happy Hacking ###
From d98ffb789a67ce7564cb00986c51f4d3e125bdc9 Mon Sep 17 00:00:00 2001
From: Wyatt Neal
Date: Sat, 11 Dec 2021 15:25:07 -0500
Subject: [PATCH 09/10] Fixes GEF installer bash script #762)
Fixes errors the `errs on unary operator expected` error due to undeclared variables
---
 scripts/gef.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/scripts/gef.sh b/scripts/gef.sh
index 951d72dc0..765f62dfa 100755
--- a/scripts/gef.sh
+++ b/scripts/gef.sh
@@ -8,6 +8,9 @@ if [ "$1" = "dev" ]; then
 echo "set branch to dev"
 fi
+curl_found=0
+wget_found=0
+
 # check dependencies
 if [ `which curl` ]; then
 curl_found=1
From 08f4b28a933e6ec64358a4ab70e2f9236ff93f37 Mon Sep 17 00:00:00 2001
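Review bot: In the `scripts/gef.sh` hunk, pre-initialising `curl_found` and `wget_found` removes the unary-operator error, but the dependency probe on the following context line still relies on `[ \`which curl\` ]`, which depends on `which` being present and on its stdout behaviour, both of which vary across systems. The portable check is `if command -v curl >/dev/null 2>&1; then`, and a short comment above the two new assignments (`# default to "not found" so the later tests are never unbound`) records why they exist. The remainder of the dependency check lies outside the hunk.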
From: szotsaki
Date: Sun, 26 Dec 2021 00:26:17 +0100
Subject: [PATCH 10/10] Update dereference.md (#773)
Add compulsory arguments to `dereference`
---
 docs/commands/dereference.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/commands/dereference.md b/docs/commands/dereference.md
index 95b92d776..cfec9f1fb 100644
--- a/docs/commands/dereference.md
+++ b/docs/commands/dereference.md
@@ -29,7 +29,7 @@ gef➤ dereference
 Here is an example with arguments:
 ```
-gef➤ telescope $rbp+0x10 8
+gef➤ telescope $rbp+0x10 -l 8
 0x00007fffffffdf40│+0x0000: 0x00007ffff7fa5760 → 0x00000000fbad2887
 0x00007fffffffdf48│+0x0008: 0x00000001f7e65b63
 0x00007fffffffdf50│+0x0010: 0x0000000000000004
@@ -49,7 +49,7 @@ context (on a 64bit architecture):
 ```
 gef➤ p ($rbp - $rsp)/8
 $3 = 4
-gef➤ dereference 5
+gef➤ dereference -l 5
 0x00007fffffffe170│+0x0000: 0x0000000000400690 → push r15 ← $rsp
 0x00007fffffffe178│+0x0008: 0x0000000000400460 → xor ebp, ebp
 0x00007fffffffe180│+0x0010: 0x00007fffffffe270 → 0x1
@@ -61,7 +61,7 @@ It is possible to change the offset calculation to use a different address than
 the start address:
 ```
-gef➤ dereference $sp l7 r$rbp
+gef➤ dereference $sp -l 7 -r $rbp
 0x00007ffe6ddaa3e0│-0x0030: 0x0000000000000000 ← $rsp
 0x00007ffe6ddaa3e8│-0x0028: 0x0000000000400970 → <__libc_csu_init+0> push r15
 0x00007ffe6ddaa3f0│-0x0020: 0x0000000000000000